Mitel Product Security Advisory 24-0002
Mitel Product Security Advisory 24-0002
MiContact Center Business Reflected Cross Site Scripting Vulnerability
Advisory ID: 24-0002
Publish Date: 2024-02-29
Last Updated: 2024-03-05
Revision: 2.0
Summary
A reflected cross-site scripting (XSS) vulnerability has been identified in the legacy chat component of Mitel MiContact Center Business which, if successfully exploited, could allow a malicious actor to obtain sensitive account information and gain unauthorized access.
Mitel is recommending customers with affected product versions update to the latest release.
Affected Products
| Product Name | Product Version | Security Bulletin | Last Updated |
|---|---|---|---|
| MiContact Center Business | 10.0.0.4 and earlier | 24-0002-001 | 2024-03-05 |
Risk Assessment
The risk of this vulnerability is rated as High. Refer to the product Security Bulletin(s) for additional statements regarding risk.
Mitigation / Recommended Action
Customers are advised to update their software to the latest versions and apply the available hotfix.
For additional information, contact Product Support.
Related CVEs / CWEs / Advisories
CVE-2024-28070
Revision History
| Version | Date | Description |
|---|---|---|
| 1.0 | 2024-02-29 | Initial version |
| 2.0 | 2024-03-05 | Updated the CVE Number |